CN109598145A - Leak-proof data transmission and cloud storage method and system - Google Patents


Info

Publication number: CN109598145A
Authority: CN (China)
Prior art keywords: data, client, key, encryption, server
Legal status: Pending
Application number: CN201811494188.4A
Other languages: Chinese (zh)
Inventor: 胡玮
Current Assignee: Wuxi Yuguo Technology Co Ltd
Original Assignee: Wuxi Yuguo Technology Co Ltd
Application filed by Wuxi Yuguo Technology Co Ltd
Priority to CN201811494188.4A
Publication of CN109598145A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a leak-proof data transmission and cloud storage method. It relates to the field of information security and mainly addresses the problem that traditional data transmission methods easily expose user data. The method comprises: obtaining an access request of a client, the access request comprising an input user name and the password corresponding to the user name; generating, on the client, a key corresponding to the user name; obtaining a data upload request of the client, converting the source data into encrypted data using the key, and uploading the encrypted data from the client to the server; and obtaining a data download request of the client, downloading the encrypted data from the server to the client, and converting the encrypted data back into the source data using the key. In the invention the client converts the source data into encrypted data using the key and transmits only the encrypted data to the server. As a result, even if the encrypted data is stolen on the server, it cannot be decrypted without the key, which ensures the security of the source data.

Description

Leak-proof data transmission and cloud storage method and system
Technical field
The present invention relates to the field of information security, and specifically to a leak-proof data transmission and cloud storage method and system.
Background
With the continued spread of computer networks and the Internet, they have reached almost every field of our life and work. Computer networks started from centralized computing, passed through the Client/Server stage (two-tier C/S and three-tier C/S), and have developed into the currently most popular Browser/Server computing model. Whatever the model, the user connects to the service provider through a client, exchanges data with the server, and ultimately uses the services the server provides.
With the continuous development of cloud computing, more and more users choose to store their data (files, videos, credit card information, and even other sensitive information involving user names and passwords) in the data storage services offered by cloud computing service providers. While this brings great convenience to users, it also poses a great challenge to the security of their data. Storing unencrypted private sensitive data in storage provided by a third-party service provider is equivalent to sharing that data with the whole world. A greater risk is that these third-party service providers can not only read the user data easily, but also know the full account information (login name, telephone number, email address, etc.) of the owner of the data.
Some service providers may resell the data for profit, or place the data in common search engines for refined searching. Another potential problem is that once a hacker breaks into the service provider's storage system, the sensitive data falls into the hands of criminals, posing an extremely serious potential threat to users. Whichever of these happens, user data is exposed to attack at all times, and the leakage of sensitive data can bring serious economic loss and security threats to users.
Summary of the invention
The purpose of the present invention is to provide a leak-proof data transmission and cloud storage method and system, to solve the problems raised in the background above.
To achieve the above purpose, the present invention provides the following technical solution:
A leak-proof data transmission and cloud storage method, comprising the following steps:
Obtaining an access request of a client, the access request comprising an input user name and the password corresponding to the user name;
Generating, on the client, a key corresponding to the user name;
Obtaining a data upload request of the client, converting the source data into encrypted data using the key, and uploading the encrypted data from the client to the server;
Obtaining a data download request of the client, downloading the encrypted data from the server to the client, and converting the encrypted data into the source data using the key.
As a further solution of the present invention, the method further comprises:
Generating, on the client, a unique hash value corresponding to the user name.
As a further solution of the present invention: the encrypted data is stored in a database indexed by the unique hash value generated on the client.
A leak-proof data transmission and cloud storage device, comprising:
An obtaining module, for obtaining an access request of a client, the access request comprising an input user name and the password corresponding to the user name;
A first generation module, for generating, on the client, a key corresponding to the user name;
An upload module, for obtaining a data upload request of the client, converting the source data into encrypted data using the key, and uploading the encrypted data from the client to the server;
A download module, for obtaining a data download request of the client, downloading the encrypted data from the server to the client, and converting the encrypted data into the source data using the key.
As a further solution of the present invention: the device further comprises a second generation module, for generating, on the client, a unique hash value corresponding to the user name.
A leak-proof data transmission and cloud storage system, comprising a processor and a memory, wherein at least one instruction is recorded in the memory, and the at least one instruction is loaded and executed by the processor to perform the data transmission method according to claims 1-3.
Compared with the prior art, the beneficial effects of the present invention are:
In the present invention the client converts the source data into encrypted data using the key and transmits the encrypted data to the server. As a result, even if the encrypted data is stolen on the server, it cannot be decrypted without the key, which ensures the security of the source data. In addition, by using the unique hash value, the server cannot derive the user's key, user name or password back from the unique hash value; that is, the server has no knowledge of any key information of the users it serves, which further ensures the security of the source data.
Brief description of the drawings
Fig. 1 is a schematic diagram of step S1 in Embodiment 1.
Fig. 2 is a schematic diagram of step S2 in Embodiment 1.
Fig. 3 is a schematic diagram of step S3-1 in Embodiment 1.
Fig. 4 is a schematic diagram of step S3-2 in Embodiment 1.
Fig. 5 is a schematic diagram of step S4 in Embodiment 1.
Detailed description of the embodiments
The technical solution of this patent is explained in further detail below with reference to specific embodiments.
Embodiment 1
A leak-proof data transmission and cloud storage method, comprising the following steps:
S1: Obtain an access request of a client, the access request comprising an input user name and the password corresponding to the user name.
As shown in Fig. 1, take as an example a user accessing www.yuguo.com from a mobile phone. When the user accesses the server through a browser, the server sends all the code needed to run the entire service to the client browser in one go. All subsequent computation and operations are executed on the client. After receiving the code, the client starts running it in the browser and displays a login page that asks the user to enter a user name and password. An existing user can click Log in after entering them; a new user can click Create account after entering them.
S2: Generate, on the client, a key corresponding to the user name.
As shown in Fig. 2, in the above example, after the user has successfully logged in from the mobile phone, a key is produced from the user's user name and password according to an algorithm. As long as the user logs in with the same user name and password each time, the AES key generated each time is also the same.
Further, the client also generates a unique hash value corresponding to the user name.
Suppose that after the user logs in with the user name Xiao Wang, the AES key generated by the client code is xw12345678. After the key is generated, the client then runs a hash function that generates, from the key, a hash value that maps uniquely to the client; in this example, the generated hash value is mf5sd9 ....
S3: Obtain a data upload request of the client, convert the source data into encrypted data using the key, and upload the encrypted data from the client to the server.
This step can be further divided into S3-1 and S3-2.
S3-1: As shown in Fig. 3, the user next wants to upload a Word file to be saved on the server. If it were uploaded directly, the file would be stored on the server in plaintext, and anyone with permission on the server could read it directly. To prevent the file content from leaking on the server, the file is encrypted with the key on the client. After encryption, the Word file becomes a non-plaintext data block, i.e. the encrypted data.
S3-2: As shown in Fig. 4, in this step the client sends the user's unique hash value and the encrypted data to the server over the network. After receiving the data, the server stores the encrypted data in a database indexed by the user's unique hash value. At this point the client has completed all operations for storing the file, and the file is safely stored on the server.
Note that the file stored on the server is data that was encrypted on the client, and the server does not have the client's key, so the server cannot decrypt the data block. The customer data stored on the server is therefore safe for the client. Even if the data block is stolen on the server, the data cannot be decrypted without the key.
On the other hand, user data on the server is indexed and looked up by the user's unique hash value generated on the client. The server cannot derive the client's key, user name or password back from the hash value, so the server has no knowledge of any key information of the clients it serves.
S4: Obtain a data download request of the client, download the encrypted data from the server to the client, and convert the encrypted data into the source data using the key.
As shown in Fig. 5, this step is the reverse of the process in S3. After the user logs in from the client with the same user name and password, the code running on the client generates the AES key and the unique hash value. Because the user name and password are the same as those used when logging in to upload the file, the generated AES key and unique hash value are also the same. The client sends the download request to the server together with the unique hash value. After receiving the request, the server finds the encrypted data indexed by that unique hash value in the database and sends it back to the client. After receiving the encrypted data sent by the server, the client uses the same key to decrypt it into the source data, and the user can open the file on the client to read and write it.
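The flow of steps S2 to S4, as an added example that is not part of the patent text: the key is derived on the client from the user name and password, a one-way index is derived from the key, and only the index and the ciphertext reach the server. The patent names only AES and "a hash function"; scrypt, HMAC-SHA-256, AES-256-GCM, the BlobStore class, all function names and the sample credentials are assumptions, and Node's built-in crypto module stands in for the browser.

```javascript
const crypto = require('node:crypto');

// S2: the same user name and password always give the same 32-byte AES key.
// Assumption: scrypt with a salt derived from the user name (the patent says
// only "an algorithm"). The key is never sent to the server.
function deriveKey(username, password) {
  const salt = crypto.createHash('sha256').update('kdf-salt:' + username).digest();
  return crypto.scryptSync(password, salt, 32);
}

// S2: unique hash value used as the storage index, generated from the key.
// Assumption: HMAC-SHA-256 over a fixed label, so the index is one-way with
// respect to the key and is not a bare hash of the user name or password.
function deriveIndex(key) {
  return crypto.createHmac('sha256', key).update('storage-index').digest('hex');
}

// S3-1: encrypt on the client. Assumption: AES-256-GCM with a fresh random
// nonce per upload. Output layout: nonce (12) | auth tag (16) | ciphertext.
function encryptForUpload(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// S4: decrypt on the client. Throws if the blob was modified or the key is wrong.
function decryptAfterDownload(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Stand-in for the server database of S3-2: it sees only index and ciphertext.
class BlobStore {
  constructor() { this.rows = new Map(); }
  put(index, blob) { this.rows.set(index, blob); }
  get(index) { return this.rows.get(index); }
}

// Constructed sample run: upload, later download, and two failure cases.
function demo() {
  const store = new BlobStore();
  const user = 'xiaowang', password = 'constructed-sample-password';

  // Upload session (S2, S3-1, S3-2).
  const key = deriveKey(user, password);
  store.put(deriveIndex(key), encryptForUpload(key, Buffer.from('constructed file contents')));

  // Later download session (S4): same credentials, same key and index.
  const key2 = deriveKey(user, password);
  const recovered = decryptAfterDownload(key2, store.get(deriveIndex(key2))).toString();

  // A wrong password yields a different key and index: nothing is found.
  const wrongKey = deriveKey(user, 'wrong-password');
  const wrongFindsNothing = store.get(deriveIndex(wrongKey)) === undefined;

  // A blob altered on the server fails authentication instead of decrypting.
  const tampered = Buffer.from(store.get(deriveIndex(key)));
  tampered[tampered.length - 1] ^= 0x01;
  let tamperRejected = false;
  try { decryptAfterDownload(key, tampered); } catch { tamperRejected = true; }

  return { recovered, wrongFindsNothing, tamperRejected };
}

console.log(demo());
```

The key is only as strong as the password it is derived from. Because key and index are both deterministic functions of the credentials, a password change alters both, so stored data has to be re-encrypted and re-indexed.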
Embodiment 2
A leak-proof data transmission and cloud storage device, comprising:
An obtaining module, for obtaining an access request of a client, the access request comprising an input user name and the password corresponding to the user name;
A first generation module, for generating, on the client, a key corresponding to the user name;
An upload module, for obtaining a data upload request of the client, converting the source data into encrypted data using the key, and uploading the encrypted data from the client to the server;
A download module, for obtaining a data download request of the client, downloading the encrypted data from the server to the client, and converting the encrypted data into the source data using the key.
As a further solution of the present invention: the device further comprises a second generation module, for generating, on the client, a unique hash value corresponding to the user name.
Embodiment 3
A leak-proof data transmission and cloud storage system, comprising a processor and a memory, wherein at least one instruction is recorded in the memory, and the at least one instruction is loaded and executed by the processor to perform the data transmission method described in Embodiment 1.
It is obvious to a person skilled in the art that the invention is not limited to the details of the above exemplary embodiments, and that the invention can be realized in other specific forms without departing from its spirit or essential attributes. Therefore, from whichever point of view, the embodiments are to be considered illustrative and not restrictive, and the scope of the invention is defined by the appended claims rather than by the above description; all changes that fall within the meaning and scope of equivalents of the claims are therefore intended to be included in the invention. Any reference signs in the claims should not be construed as limiting the claims concerned.
In addition, it should be understood that although this specification is described in terms of embodiments, not every embodiment contains only one independent technical solution. The specification is written this way merely for the sake of clarity; those skilled in the art should consider the specification as a whole, and the technical solutions in the various embodiments may also be suitably combined to form other embodiments that those skilled in the art can understand.

Claims (6)

1. A leak-proof data transmission and cloud storage method, characterized by comprising the following steps:
Obtaining an access request of a client, the access request comprising an input user name and the password corresponding to the user name;
Generating, on the client, a key corresponding to the user name;
Obtaining a data upload request of the client, converting the source data into encrypted data using the key, and uploading the encrypted data from the client to the server;
Obtaining a data download request of the client, downloading the encrypted data from the server to the client, and converting the encrypted data into the source data using the key.
2. The leak-proof data transmission and cloud storage method according to claim 1, characterized by further comprising:
Generating, on the client, a unique hash value corresponding to the user name.
3. The leak-proof data transmission and cloud storage method according to claim 2, characterized in that the encrypted data is stored in a database indexed by the unique hash value generated on the client.
4. A leak-proof data transmission and cloud storage device, characterized by comprising:
An obtaining module, for obtaining an access request of a client, the access request comprising an input user name and the password corresponding to the user name;
A first generation module, for generating, on the client, a key corresponding to the user name;
An upload module, for obtaining a data upload request of the client, converting the source data into encrypted data using the key, and uploading the encrypted data from the client to the server;
A download module, for obtaining a data download request of the client, downloading the encrypted data from the server to the client, and converting the encrypted data into the source data using the key.
5. The leak-proof data transmission and cloud storage device according to claim 4, characterized by further comprising:
A second generation module, for generating, on the client, a unique hash value corresponding to the user name.
6. A leak-proof data transmission and cloud storage system, comprising a processor and a memory, characterized in that at least one instruction is recorded in the memory, and the at least one instruction is loaded and executed by the processor to perform the data transmission method according to claims 1-3.
Priority Applications (1)

Application number: CN201811494188.4A (published as CN109598145A (en))
Priority date: 2018-12-07
Filing date: 2018-12-07
Title: Leak-proof data transmission and cloud storage method and system
Status: Pending

Publications (1)

Publication number: CN109598145A
Publication date: 2019-04-09

Family

ID=65961460

Country Status (1)

Country: CN
Link: CN109598145A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190409
